From 07ab83a09fd3f8eea9162f01b19646fb04c92b58 Mon Sep 17 00:00:00 2001 From: phaer Date: Tue, 25 Jan 2022 14:21:58 +0100 Subject: [PATCH] use locals to deduplicate ssh key expressions --- agents.tf | 8 ++++---- locals.tf | 10 +++++++++- master.tf | 10 +++++----- servers.tf | 8 ++++---- 4 files changed, 22 insertions(+), 14 deletions(-) diff --git a/agents.tf b/agents.tf index 16f0f05..3ec7d14 100644 --- a/agents.tf +++ b/agents.tf @@ -28,8 +28,8 @@ resource "hcloud_server" "agents" { connection { user = "root" - private_key = var.private_key == null ? null : file(var.private_key) - agent_identity = var.private_key == null ? file(var.public_key) : null + private_key = local.ssh_private_key + agent_identity = local.ssh_identity host = self.ipv4_address } } @@ -40,8 +40,8 @@ resource "hcloud_server" "agents" { connection { user = "root" - private_key = var.private_key == null ? null : file(var.private_key) - agent_identity = var.private_key == null ? file(var.public_key) : null + private_key = local.ssh_private_key + agent_identity = local.ssh_identity host = self.ipv4_address } } diff --git a/locals.tf b/locals.tf index 5a4dbe4..4efec23 100644 --- a/locals.tf +++ b/locals.tf 
@@ -1,7 +1,15 @@ locals { first_control_plane_network_ip = cidrhost(hcloud_network.k3s.ip_range, 2) - ssh_public_key = trimspace(file(var.public_key)) hcloud_image_name = "ubuntu-20.04" + ssh_public_key = trimspace(file(var.public_key)) + # ssh_private_key is either the contents of var.private_key or null to use a ssh agent. + ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key)) + # ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use. + # For terraforms provisioner.connection.agent_identity, we need the public key as a string. + ssh_identity = var.private_key == null ? local.ssh_public_key : null + # ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file + # if an ssh agent is used. + ssh_identity_file = var.private_key == null ? var.public_key : var.private_key k3os_install_commands = [ "apt install -y grub-efi grub-pc-bin mtools xorriso", diff --git a/master.tf b/master.tf index ec7cf25..561e1ab 100644 --- a/master.tf +++ b/master.tf @@ -24,8 +24,8 @@ resource "hcloud_server" "first_control_plane" { connection { user = "root" - private_key = var.private_key == null ? null : file(var.private_key) - agent_identity = var.private_key == null ? file(var.public_key) : null + private_key = local.ssh_private_key + agent_identity = local.ssh_identity host = self.ipv4_address } } @@ -36,8 +36,8 @@ resource "hcloud_server" "first_control_plane" { connection { user = "root" - private_key = var.private_key == null ? null : file(var.private_key) - agent_identity = var.private_key == null ? file(var.public_key) : null + private_key = local.ssh_private_key + agent_identity = local.ssh_identity host = self.ipv4_address } } 
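Review bot: In the locals.tf hunk, `ssh_private_key` holds the raw private key contents as an ordinary string, so Terraform has no reason to redact it if it ever shows up in console output or in a diagnostic that prints expression values. Marking it sensitive would cover that: `ssh_private_key = var.private_key == null ? null : sensitive(trimspace(file(var.private_key)))`. This needs Terraform 0.15 or later, and the required version is not visible in this patch. The commit is described as deduplication, but it also adds `trimspace()` to both the private key and the `agent_identity` value, which the old per-resource expressions passed through untrimmed. That looks harmless, but it is a behaviour change and deserves a line in the commit message.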
@@ -45,7 +45,7 @@ resource "hcloud_server" "first_control_plane" { # Wait for k3os to be ready and fetch kubeconfig.yaml provisioner "local-exec" { command = <<-EOT - sleep 60 && ping ${self.ipv4_address} | grep --line-buffered "bytes from" | head -1 && sleep 100 && scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${var.private_key} rancher@${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml + sleep 60 && ping ${self.ipv4_address} | grep --line-buffered "bytes from" | head -1 && sleep 100 && scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${local.ssh_identity_file} rancher@${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml sed -i -e 's/127.0.0.1/${self.ipv4_address}/g' ${path.module}/kubeconfig.yaml EOT } diff --git a/servers.tf b/servers.tf index bb0cfbb..ba31ff3 100644 --- a/servers.tf +++ b/servers.tf @@ -27,8 +27,8 @@ resource "hcloud_server" "control_planes" { connection { user = "root" - private_key = var.private_key == null ? null : file(var.private_key) - agent_identity = var.private_key == null ? file(var.public_key) : null + private_key = local.ssh_private_key + agent_identity = local.ssh_identity host = self.ipv4_address } } @@ -39,8 +39,8 @@ resource "hcloud_server" "control_planes" { connection { user = "root" - private_key = var.private_key == null ? null : file(var.private_key) - agent_identity = var.private_key == null ? file(var.public_key) : null + private_key = local.ssh_private_key + agent_identity = local.ssh_identity host = self.ipv4_address } }
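Review bot: The rewritten `scp` line in the master.tf `local-exec` hunk still runs with `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the kubeconfig is fetched from whichever host answers at `self.ipv4_address`, with no check that it is the server just created. Since that file carries the cluster credentials and endpoint, the host key should be pinned, for example by provisioning a known host key and passing a matching known_hosts file to scp. `${local.ssh_identity_file}` is also interpolated into the shell command unquoted, so a key path with spaces or shell metacharacters would break or alter the command; `-i "${local.ssh_identity_file}"` avoids that. The fetched file is left with default permissions, so adding `chmod 600 ${path.module}/kubeconfig.yaml` after the `sed` line would be worthwhile. The enclosing resource block starts outside this hunk.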